jQuery XSS patch
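/**
 * Hardening shim for jQuery(): refuse strings that contain markup but do not
 * begin with "<".
 *
 * Legacy jQuery decides "selector or HTML?" by looking for a tag anywhere in
 * the string, so a value meant as a selector is parsed as HTML as soon as it
 * contains "<...>". When that value is built from untrusted input, elements
 * are created from it. This wrapper makes the HTML path opt-in: only strings
 * whose first non-whitespace character is "<" reach the HTML branch.
 *
 * Scope of the guard:
 *  - It covers string arguments to jQuery() / $() only. Other HTML sinks
 *    (.html(), .append(), .before(), ...) are not touched by this shim.
 *  - A string that starts with "<" is still parsed as HTML, so untrusted
 *    input must never be passed to jQuery() unvalidated.
 */

// Mirrors the "string contains a tag" test the legacy constructor applies.
var old_expr = /^(?:[^<]*(<[\w\W]+>)[^>]*$)/;
// Stricter rule enforced here: optional whitespace, then "<".
var strict_expr = /^\s*</;

// Install once. Re-running this script would otherwise store the wrapper in
// jQuery.fn.__init, and the wrapper would then call itself without end.
if (!jQuery.fn.__init) {
  // Keep the original constructor reachable under the name the shim has always used.
  jQuery.fn.__init = jQuery.fn.init;

  /**
   * Drop-in replacement for jQuery.fn.init.
   *
   * @param {*} selector - Anything jQuery() accepts; only strings are checked.
   * @param {*} [context] - Passed through unchanged.
   * @param {*} [rootjQuery] - Passed through unchanged.
   * @returns {Object} The object built by the original constructor.
   * @throws {Error} When a string contains markup but does not start with "<".
   */
  jQuery.fn.init = function (selector, context, rootjQuery) {
    if (typeof selector === "string") {
      if (old_expr.test(selector) && !strict_expr.test(selector)) {
        // An Error (not a bare string) so the rejection carries a stack trace.
        throw new Error('Syntax error, html string must start with "<"');
      }
    }
    // The original constructor returns an object, which becomes the result of
    // `new jQuery.fn.init(...)`.
    return new jQuery.fn.__init(selector, context, rootjQuery);
  };

  // Same wiring jQuery applies to its own init, so prototype-based checks
  // against jQuery.fn.init keep working.
  jQuery.fn.init.prototype = jQuery.fn;
}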